The rapidly expanding field of informatics presents a compelling paradox. While it offers unprecedented data collection, analysis, and collaboration opportunities, it also brings urgent questions about security and ethics to the forefront. The 2024 Data Breach Investigations Report (DBIR) by Verizon provides crucial insights into the security concerns of the previous year, which affected all industries (DBIR report 2024: Introduction: Verizon). Information systems house a wealth of sensitive data, making them prime targets for cybercriminals. Breaches can expose patient records, financial information, and intellectual property, leading to identity theft, economic losses, and damage to reputation. Malicious software and hacking attempts can disrupt operations, corrupt data, and compromise system integrity. Healthcare organizations, in particular, are at high risk due to the life-critical nature of their data.
Moreover, collecting, storing, and using personal data raise ethical concerns. The use of AI has sparked strong conversations about its ethical use and the application and consent of AI, especially in the healthcare field (Ronanki, 2024). Balancing the need for data for research and treatment with patient privacy is a complex challenge. Determining data ownership in information systems and the ethical and secure sharing of this data for research and collaboration are of the utmost importance. Clear guidelines and informed consent are crucial, and it is up to informaticians, policymakers, and individuals involved in data collection and analysis to lead the way in developing and implementing such guidelines, especially in the face of lagging laws and policies. As remote employment grows, so does the risk of security incidents and breaches, making this competency imperative for an enhanced understanding of security threats, ethical concerns, and how to mitigate such challenges. My courses prepared me with crucial and fundamental security knowledge and ethical responsibility that will support any career path I partake in.
Identity Theft Resource Center Data Breaches
I have chosen this paper from INFM 208 to support Competency C. It reveals significant breaches in 2023, including the number of victims, affected industries, and types of records exposed. When investigating organizations involved in data breaches or cyber-attacks, we can gather information about potential security vulnerabilities and their financial impact on the organization. However, organizations seem to become targets of repeated attacks if their security is weak, as illustrated in the National Amusements, Inc. case (National Amusements notifies over 82K of recent data breach). By implementing diligent security protocols, the risk of breaches can be reduced. Additionally, consumers should be mindful of the data they share with organizations, as increased data sharing raises the risk of being targeted.
Personal Risk Assessment
I chose this Personal Risk Assessment as evidence because it shows an understanding of assets, how to categorize assets correctly, and, most importantly, the threat vulnerability categories and how to implement a mitigation strategy. Security threats can stem from human errors, natural disasters, system failures, and attacks. Organizations must regularly conduct security assessments of all assets to protect themselves from potential security incidents. By identifying vulnerabilities beforehand, organizations can address weaknesses before they are exploited. Comprehensive reports, such as my personal assessment, provide valuable insights into security risks, which help make informed decisions about necessary security measures. My personal assessment offers invaluable insights into security risks, which empower decisions about necessary security procedures.
Ethical Issues in Digital Epidemiology
I selected this paper from my INFM 210 course as it discusses ethical concerns related to data collection from wearable health devices. While data collection may seem harmless and helpful for gathering and analyzing information, users must be cautious about privacy, especially concerning children. Data is being gathered from a very young age, and without strong ethical guidelines to protect privacy, it is unclear how the data may be used in the future and if it can impact a person. Individuals must understand the legal and ethical guidelines they agree to when signing electronic consent forms. Organizations must also implement a robust framework of data governance procedures and confidentiality measures.
Infosec - Information Security Fundamentals
As evidence of this competency, I submitted my final report from the Infosec Information Security Fundamentals course, part of INFM 202. The class covered security awareness, incident handling recommendations from the National Institute of Standards and Technology (NIST), assets and threats, vectors, and data breaches and incidents. The Infosec course dived into the technical aspects of network security, protocols, firewalls, data backups, encryption, determining the security policies of any organization, and incident response procedures and forensics. The virtual training followed the CompTIA Security+ modules to provide a broad knowledge of security fundamentals, which is paramount when applying informatics in the real world.
The courses at SJSU prepared me to understand, research, and manage security and ethics-related concerns. Developing and assessing security infrastructure with robust firewalls, intrusion detection systems, and encryption technologies strengthens defenses against cyberattacks. Data governance policies address ethics and privacy concerns by establishing rules for data collection, storage, access, and disposal, and they ensure responsible data management. Human error is the largest category of data breaches, and thus, implementing comprehensive security user training and cyber hygiene programs reduces the risk of an incident or breach. Responsible data handling practices are critical in all organizations and personal transactions at home. Security assessments must be ongoing as cybercrime evolves to help identify and mitigate potential issues. My pathway in the Informatics program is Health Informatics, and I know that security breaches in healthcare organizations can have devastating consequences: healthcare breaches are costly to organizations and tremendously risky for patients becoming victims of identity theft, medical fraud, and financial fraud. Additionally, delayed access to accurate electronic medical records can delay treatment and endanger lives. By implementing robust information assurance solutions, adhering to ethical frameworks, and constantly adapting to evolving threats, we can harness the power of informatics while safeguarding sensitive information and upholding moral principles.
DBIR report 2024: Introduction: Verizon. Verizon Business. (n.d.). https://www.verizon.com/business/resources/reports/dbir/2024/introduction/
National Amusements notifies over 82K of recent data breach. JD Supra. (n.d.). https://www.jdsupra.com/legalnews/national-amusements-notifies-over-82k-2222390/
Ronanki, R. (2024, January 4). Ethical AI in Healthcare: A focus on responsibility, trust, and safety. Forbes. https://www.forbes.com/sites/forbesbooksauthors/2024/01/04/ethical-ai-in-healthcare-a-focus-on-responsibility-trust-and-safety/